The ability of any organization (end user or supplier) to develop and implement industrial cybersecurity management projects successfully, making optimal use of resources, in minimal time, with a clear visualization of progress, is no longer an option.

The modular approach of the WBS methodology, with the clarity it provides, makes it reliable, profitable, and predictable for everyone.

This course addresses the management of industrial cybersecurity, focusing on the energy, oil and gas industries. It means complying with all the requirements of the ISA/IEC-62443 series of standards, harmonizing with the typical regulations of these sectors, which are NERC, C2M2, TSA, and other popular regulations.

At the end of the EN50 course, you will be able to:

• Understand each of the activities that are necessary to develop to implement a mature industrial cybersecurity program, complying with international standards by industry consensus and popular regulations of the sector.
• Understand the requirements and the minimum inputs necessary to start each of the activities appropriately, the necessary resources and a credible time estimate.
• Understand the objectives and deliverables that are necessary to produce as results of the different activities and the corresponding reports as demonstration and evidence of said implementation.
• How to demonstrate compliance with the ISA/IEC-62443-XX series of standards (and other regulations). Important for the organization that wants to certify the CSMP system.
• Formalize and document the completion of each of the major activities of the CSMP program. Observe and analyze the results of everything you are doing.
• Certify progress in a modular way. A Project Manager (PM) can use it to appropriately monitor progress across multiple plants and processes at the same time.
• Generate the necessary evidence that the organization is complying with the implementation of a mature and complete Industrial Cybersecurity program.
• Facilitate good decision-making to mitigate industrial cyber risks to protect the most valuable assets and create an industrial infrastructure resistant to all types of threats.
• Produce and document the elements necessary to justify industrial cybersecurity investments adequately with the certainty that security risks are mitigated.

You will cover the following topics in the course:

• Development of minimum necessary policies and procedures for the industrial cybersecurity program, CSMP.
• Development of necessary competencies, training programs and awareness of the entire organization.
• Audit, compliance and continuous improvement.
• Harmonization of the ISA/IEC-62443 series of standards with popular regulations (NERC, C2M2, TSA).
• Life Cycle Phase:
  • Industrial Cybersecurity risk assessment and decision-making to mitigate non-tolerable risk.
  • Design and implementation of security to protect all industrial assets and potential risk receptors.
  • Operation and maintenance to maintain the minimum necessary security tolerable by the organization.
• Development and classification of suppliers for Industrial security.
• Process of engineering, design, purchasing, construction, testing and security validation in new systems.
• Implementation strategy and essential recommendations that will save the company more than 50% in implementation effort and resources.

Who is it aimed at?

• Recommended for all personnel in industrial sectors such as: energy, water, oil, gas, steel, food, pharmaceutical, and many others, which are related to the activities of protecting critical infrastructure and control systems.
• The participation of IT security managers, system integrators, industrial control system providers, plant engineers, production and plant operation management, industrial security, specialists in security instrumented systems and maintenance personnel is recommended, whether they are high or middle management.

Requirements:

It has no specific requirements. It is recommended that the professional have knowledge of some of the following:

• Project Management according to PI/PMBOK methodology.
• International Cybersecurity Standards by industrial consensus ISA/IEC-62443.
• Corporate Cybersecurity or Information Security Standards, ISO-27000.
• Industrial risk management standards such as ISA/IEC-61511, functional safety.
• National regulations and/or standards such as NIST, NERC, and others.
• Experience in corporate project management and cultural change management.
• Other industrial risk management standards (worker safety, environmental safety, etc.).

Deliverables:

Participants will receive the material digitally through the educational platform, including the following materials.

• Access to course lessons online.
• Various documents, videos, and complementary material so that participants can delve deeper.
• Access to educational campus to download additional information and software.

Certificates:

A first certificate of knowledge is issued upon completion of the course

• Certificate: “Industrial Cybersecurity and Critical Infrastructure Life Cycle Management Practitioner”
• CRE credits: 0.8
• The certification exam is taken in class at the end of the course. Available in Spanish, Portuguese, and English.

A second experience certificate is issued after practical implementation in real projects.

• Certificate: “Expert in Life Cycle Management of Industrial Cybersecurity and Critical Infrastructures”
• CRE Credits: cumulative, depending on the duration of the activities carried out by the practitioner.

Recognitions:

All participants who meet the course requirements and successfully pass the final exam with a good grade will be awarded a Digital Badge. The digital Badge certifies that the participant has attended the EN50 training course and has completed the final evaluation test with a good score, verifying that said participant has assimilated the new knowledge.